CVE-2009-2416

CWE-416 — Use After Free8 documents8 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 58.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple MAC OS X Server +16 more

Timeline

PublishedAug 11

Latest updateMay 2

Description

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages15 packages

▶Debianlibxml2< 2.7.3.dfsg-2.1+3

▶NVDxmlsoft/libxml25 versions+4

▶NVDxmlsoft/libxml1.8.17

▶NVDapple/safari< 4.0.4

▶NVDgoogle/chrome< 2.0.172.43

Also affects: Debian Linux 4.0, Fedora 10, 11, Linux Enterprise 10.0, 11.0, Ubuntu Linux 6.06, 8.04, 8.10, 9.04, Enterprise Linux 3.0, 4.0, 5.0

Patches

Patch: www.debian.org ↗Patch: www.mail-archive.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vw2-h5mp-gfhw: Multiple use-after-free vulnerabilities in libxml2 2↗2022-05-02

▶

CVEList

CVE-2009-2416: Multiple use-after-free vulnerabilities in libxml2 2↗2009-08-11

▶

OSV

CVE-2009-2416: Multiple use-after-free vulnerabilities in libxml2 2↗2009-08-11

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2009-08-11

▶

Red Hat

mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types↗2009-08-10

▶

Debian

CVE-2009-2416: libxml2 - Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.2...↗2009

▶

💬Community

Bugzilla

CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types↗2009-08-03

▶